The deadline for states to implement their Medicaid Recovery Audit Contractor (RAC) program was January 12, 2012, as required in the final rule published in the Federal Register on September 16, 2011.
This does not necessarily mean that all states will be up and running by that date but that they should have signed contracts with their selected RAC vendors in place. According to the Centers for Medicare & Medicaid Services (CMS), recoveries may begin anywhere between 12 and 18 months from the start of the program, even though some states-but “very few,” says CMS-may receive exemptions.
In early January, CMS issued a document containing more than 50 frequently asked questions (FAQs) about the Medicaid RAC program, which are divided into the following sections:
- Operational guidance
- Procurements and conflicts of interest
- Appeals process
- State reporting of improper payments identified by Medicaid RACs
- Audit coordination
- Program exceptions
- Contingency fees
- Stakeholder inquiries and general information
Many of the FAQs relate to provider concerns, and an equal number relate to the operational details of other key players, such state Medicaid plan managers. Those of most interest to providers are summarized below.
Setting Expectations for States
CMS urged states to practice “transparency” about their RACs’ activities. For example, before audits begin, states should inform providers of the following:
- RAC vendor’s name and contact information
- The date by which the RAC will begin working to identify overpayments and underpayments
- A general description of the scope of work.
However, providers should not expect any advance notice of the state-focused RAC audit areas. When the time comes for an audit, the Medicaid RACs will notify the provider about the specific type of claims that will be reviewed, so they can prepare.
Sticking to Review Guidelines
When auditors come to town, providers often ask just how many records they will have to produce, and while CMS suggests a possible limit of 300 records for an inpatient hospital audit, it is only a suggestion. In the FAQs, the agency indicates that auditors must set limits on the number and frequency of records for review but gives them flexibility in those numbers.
Medicaid RACs must not review claims that are more than three years from the date the claim was filed, unless they receive state approval. The state, in turn, must obtain CMS’s approval through the state plan amendment (SPA) process. An example of this would be if a look-back period is less than three years because the state’s system can retain only two years’ worth of claims data.
The states and Medicaid RACs must agree on the specific target areas as well as the look-back period. In addition to gathering state-specific data to determine the audit topics, findings from the federal watchdogs, such as the Office of Inspector General or Government Accountability Office, will be considered.
Keeping Tabs on Activities
The steps CMS intends to take to monitor and evaluate all activities include the following:
- Conduct a program-integrity review.
- Collect State Program Integrity Assessments (SPIAs) (first national data-collection on state Medicaid program integrity activities).
- Review the overpayments that each state collects in connection with its filings via the CMS-64 form (a statement of expenditures for which states are entitled to federal reimbursement).
“A key to the overall success of the Medicaid RAC program…is to assess effectiveness and efficiencies, identify program vulnerabilities, and implement corrective action when necessary,” CMS says. When auditors uncover these “program vulnerabilities,” states will review and determine whether the problems are individual to the provider or more widespread. In any case, CMS would expect states to issue provider education on how to prevent the billing errors uncovered.
Avoiding Duplicate Audits
How will states and/or CMS ensure coordination and avoid duplication of effort among Medicaid RACs and all of the other auditors in place (including Medicaid integrity contractors [MICs])?
According to CMS, states and their Medicaid RACs must coordinate with other entities performing audits, including federal and state law-enforcement agencies such as the following:
- U.S. Department of Justice
- Federal Bureau of Investigation
- U.S. Department of Health & Human Services OIG
- State Medicaid fraud-control units.
If a provider is already being investigated by one of the above, the audit by the federal agency takes precedence over the Medicaid RAC’s activity. CMS states that it will issue future guidance on this.
On one side of its mouth, CMS says providers won’t have to undertake any major activities to prepare for the Medicaid RACs, but also advises them to do the following:
- Identify a contact point.
- Be aware of deadlines.
- Prepare medical records.
- Become familiar with Medicaid coverage guidelines.
- Educate staff.
MICs vs. Medicaid RACs
And the answer to the question asked so often: No, Medicaid RACs do not replace Medicaid integrity contractors (MICs). CMS explains that the National Medicaid Audit Program (MICs) is complementary to the Medicaid RAC program in the following way.
RAC programs will address state-specific issues stemming from the specific state’s Medicaid program and will focus on those needs and vulnerabilities. In contrast, MICs are federal auditors that address vulnerabilities on a regional and national basis-trends that probably go undetected by Medicaid RACs.
About the Author
Janis Oppelt is an editor with Medical Learning, Inc. (MedLearn), a Panacea Healthcare Solutions Company, St. Paul, MN.
Contact the Author:
To comment on this article please go to firstname.lastname@example.org
CMS’s December 30, 2011 document can be downloaded at https://www.cms.gov/MedicaidIntegrityProgram/downloads/Scanned_document_29-12-2011_13-20-42.pdf